Compliance

Prisme.ai is committed to maintaining the highest standards of security and compliance. This page outlines our certifications, regulatory compliance measures, and the frameworks we adhere to in order to protect your data and ensure our services meet industry standards.

​

Security Certifications

Prisme.ai is achieving the following security certification:

​

ISO 27001

ISO 27001 is an internationally recognized standard for information security management. Our certification confirms that Prisme.ai:

• Systematically examines security risks
• Implements comprehensive security controls
• Adopts a management process to ensure controls meet security needs over time
• Maintains an information security management system (ISMS) that protects customer data

​

Continuous Compliance Monitoring with VANTA

Prisme.ai utilizes VANTA to automate and continuously monitor our security compliance status:

• Real-time assessment of security controls
• Automated evidence collection
• Continuous verification of policy implementation
• Streamlined security questionnaire responses

Our Trust Center is available upon request, providing customers with transparent visibility into our security posture and compliance status.

​

Regulatory Compliance

Prisme.ai helps customers meet their regulatory obligations across various industries and regions:

​

Data Protection Regulations - GDPR

The General Data Protection Regulation (EU):

• Data processing agreements (DPAs) available for all customers
• EU-compliant data transfer mechanisms
• Features to support data subject rights (access, deletion, etc.)
• Data privacy impact assessment (DPIA) documentation
• Breach notification processes within 72 hours
• Data protection by design and by default implementation
• Comprehensive data processing records
• Cross-border data transfer controls
• Privacy-focused data retention policies
• Regular data protection training for all staff

​

AI Regulations and Standards

​

Security Frameworks and Standards

Prisme.ai aligns with leading security frameworks and standards:

​

NIST Cybersecurity Framework

Our security program incorporates the five core functions of the NIST CSF:

​

Cloud Security Alliance (CSA)

Prisme.ai adheres to the Cloud Controls Matrix (CCM), providing:

• Transparency through the CSA STAR Registry
• Implementation of cloud-specific security controls
• Regular assessment against CSA best practices

​

OWASP Security Practices

Our development processes incorporate OWASP security principles:

• Regular security testing for OWASP Top 10 vulnerabilities
• Secure coding practices
• Security requirements integrated into development lifecycle
• Static and dynamic application security testing

​

Self-Hosted Compliance

For organizations with specific compliance requirements, Prisme.ai offers self-hosted deployment options:

​

Compliance Documentation and Resources

Prisme.ai provides comprehensive documentation to support your compliance efforts:

​

Available Documentation

• Trust Center: Detailed Trust Center
• Penetration Test Summary: Results of our latest security testing
• Risk Assessment Framework: How we evaluate and mitigate risks
• Vendor Security Assessment: Information for your vendor security reviews

​

Requesting Documentation

To receive compliance documentation:

1. Existing customers: Contact your account representative or submit a request through the support portal
2. Prospective customers: Reach out to sales@prisme.ai to request documentation under NDA

​

Continuous Compliance Monitoring

Prisme.ai maintains continuous compliance through our partnership with VANTA:

The VANTA platform enables us to maintain a continuous state of audit readiness while providing transparency to our customers. Our Trust Center offers:

• Current security posture metrics
• Policy documentation
• Compliance certifications
• Vendor risk management information
• Evidence of control effectiveness
• Automated security questionnaire responses

​

Shared Responsibility Model

Security and compliance in Prisme.ai follow a shared responsibility model:

​

Compliance FAQs

​

Additional Resources

​

Contact Information

For compliance-related inquiries or to request additional information:

• Security Team: security@prisme.ai